
Privacy Issues in Federal Systems

Federal information-gathering systems of many different types
raise similar concerns about privacy; some of these systems include
tax enforcement systems, Know Your Customer programs to crack down
on money laundering, medical databases, and so on. My testimony
today is applicable to a wide range of systems, and will explore
the following issues:

The danger to human rights from federal information
systems.

Security concerns such as identity theft, as distinct from
privacy concerns.

The role of encryption, biometrics, and digital signatures in
federal systems.

The most effective rules for ameliorating federal threats to
privacy, emphasizing the importance of limited government, limited
agency discretion, and the Fourth Amendment.

Why Privacy is Important

Privacy in federal systems is an important component of
protecting against threats to human rights. Federal agencies and
employees have used information stored in federal systems to carry
on personal or political vendettas, or violations of rights on a
grander scale. Past abuses include the following.

During World War II, U.S. census data was used to identify
Japanese-Americans and place them in internment camps.

In 1995 over 500 Internal Revenue Service agents were caught
illegally snooping through tax records of thousands of Americans,
including personal friends and celebrities. Only five employees
were fired for this misconduct.

In response, the IRS developed new privacy protection measures.
These measures proved useless: hundreds of IRS agents were caught
in early 1997, again snooping through the tax records of
acquaintances and celebrities.

The Clinton administration reportedly obtained hundreds of FBI
files, including those of:

Billy R. Dale: Fired Travel Office Director

Marlin Fitzwater: Bush’s press secretary

Ken Duberstein: Reagan’s chief of staff

James Baker: Bush’s secretary of state

Tony Blankley: Newt Gingrich’s spokesman

Identity theft is another serious problem associated with the
growth of centralized information databases. As I discuss in the
next section, however, this privacy problem is distinct from
concerns about privacy related to human rights.

Identity Theft: Security Problems Distinguished

Privacy is a broad concept; many subtle and difficult questions
of business and medical ethics, limited government, and problems of
identity theft are commonly swept together under the heading of
“privacy” concerns. In fact, many of these issues are not closely
related at all, and lumping them together does more harm than good.
Here I distinguish security concerns from human rights
concerns.

The problem of identity theft should be a major focus of
attention in federal systems. Identity theft often occurs not
because the database holds too much information, but because
it holds the wrong kind of information and uses it
improperly.

Frequently, the “password” used to access one’s record is a
social security number, perhaps supplemented by mother’s maiden
name. Both social security numbers and surnames are names—useful
because they remain constant over time and are known and used by
many people. A name is a fundamentally different thing from a
password.

A good password should be secret: hard or impossible to guess or
“crack,” and not public knowledge. It should also be changeable if
the security of the original is compromised. Both social security
numbers and mother’s maiden name fail every one of these tests, and
they ought not to be used as passwords in federal systems.

Now, here is where the distinction between security concerns and
human rights concerns comes into play. If federal systems are to be
more secure against identity theft and other security breaches, how
could we make them so? From a pure security standpoint, the answer
is not to outlaw the use of social security numbers or other unique
identifiers. Indeed, this might increase the risk of identity theft
and other errors. The answer is to use better passwords. These
might include

true passwords, like PINs, that can be changed from time
to time;

digital signatures;

biometric data like a voiceprint or fingerprint, used
under conditions that cannot easily be spoofed;

encryption.
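To make the name-versus-password distinction concrete, here is an added example in Go, written for this page rather than taken from the testimony or from any federal system. It contrasts a legacy record that “authenticates” by comparing a social security number and mother’s maiden name with a record that uses the SSN only as a lookup key and authenticates with a changeable PIN stored as a salted PBKDF2 hash. The record fields, the sample values and the iteration count are assumptions for illustration; the PBKDF2 routine is written out only so the block runs with the standard library alone.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/binary"
	"errors"
	"fmt"
)

// Hypothetical account record. The SSN is a name: it locates the record
// but is never treated as a secret.
type Record struct {
	SSN        string
	MaidenName string // also a name, and public knowledge for many people
	salt       []byte // per-record random salt
	secretHash []byte // PBKDF2-HMAC-SHA256 of the changeable PIN
}

const (
	pbkdf2Iterations = 20000 // assumption; tune upward for production use
	derivedKeyLen    = 32
)

// pbkdf2SHA256 implements PBKDF2 (RFC 8018) with HMAC-SHA256. Written out so
// the example needs nothing outside the standard library; a vetted library
// routine does the same job.
func pbkdf2SHA256(password, salt []byte, iter, keyLen int) []byte {
	prf := hmac.New(sha256.New, password)
	out := make([]byte, 0, keyLen+prf.Size())
	var blockIdx [4]byte
	for block := 1; len(out) < keyLen; block++ {
		binary.BigEndian.PutUint32(blockIdx[:], uint32(block))
		prf.Reset()
		prf.Write(salt)
		prf.Write(blockIdx[:])
		u := prf.Sum(nil)
		t := append([]byte(nil), u...)
		for i := 1; i < iter; i++ {
			prf.Reset()
			prf.Write(u)
			u = prf.Sum(nil)
			for j := range t {
				t[j] ^= u[j]
			}
		}
		out = append(out, t...)
	}
	return out[:keyLen]
}

// LegacyAuthenticate is the pattern criticised above: the "password" is a
// pair of names, so anyone who knows two public facts gets in.
func LegacyAuthenticate(r *Record, ssn, maidenName string) bool {
	return r.SSN == ssn && r.MaidenName == maidenName
}

// NewRecord keeps the SSN as an identifier and stores the PIN only as a
// salted hash, so a copy of the table does not yield the credential.
func NewRecord(ssn, maidenName, pin string) (*Record, error) {
	r := &Record{SSN: ssn, MaidenName: maidenName}
	if err := r.setSecret(pin); err != nil {
		return nil, err
	}
	return r, nil
}

func (r *Record) setSecret(pin string) error {
	salt := make([]byte, 16)
	if _, err := rand.Read(salt); err != nil {
		return err
	}
	r.salt = salt
	r.secretHash = pbkdf2SHA256([]byte(pin), salt, pbkdf2Iterations, derivedKeyLen)
	return nil
}

// Authenticate finds the record by its name (the SSN, not a secret, so an
// early mismatch leaks nothing) and checks the secret in constant time.
func Authenticate(r *Record, ssn, pin string) bool {
	if r.SSN != ssn {
		return false
	}
	candidate := pbkdf2SHA256([]byte(pin), r.salt, pbkdf2Iterations, derivedKeyLen)
	return subtle.ConstantTimeCompare(candidate, r.secretHash) == 1
}

// Rotate replaces the secret after a suspected compromise. A name cannot be
// rotated this way; a password can.
func Rotate(r *Record, ssn, oldPin, newPin string) error {
	if !Authenticate(r, ssn, oldPin) {
		return errors.New("current PIN required to rotate")
	}
	return r.setSecret(newPin)
}

func main() {
	// Constructed sample values, not real data.
	rec, err := NewRecord("123-45-6789", "Smith", "correct horse battery")
	if err != nil {
		panic(err)
	}
	// Someone who has looked up two public facts about the account holder:
	fmt.Println("legacy check, public facts:", LegacyAuthenticate(rec, "123-45-6789", "Smith"))  // true
	fmt.Println("password check, public facts:", Authenticate(rec, "123-45-6789", "Smith"))     // false
	fmt.Println("password check, real PIN:", Authenticate(rec, "123-45-6789", "correct horse battery")) // true
	if err := Rotate(rec, "123-45-6789", "correct horse battery", "new PIN after compromise"); err != nil {
		panic(err)
	}
	fmt.Println("old PIN after rotation:", Authenticate(rec, "123-45-6789", "correct horse battery")) // false
}
```

The SSN stays exactly what it is, a lookup key; what changes is that the thing compared at login is a secret the holder can replace, stored in a form that a leaked table does not reveal.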

Note that each of these solutions would in varying degrees
reduce the risk of identity theft or other security breaches. And
the best approach to some security problems might be to increase
the amount and particularity of information stored in the system
and used for authentication. But, in the case of biometrics in
particular, this might be the worst approach to human rights
concerns.

The approach to security problems that would satisfy both
concerns would be to use non-biometric data to authenticate access
requests whenever possible. Digital signatures offer a great deal
of promise here.
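As an added illustration of why signatures sit well with both concerns, here is a Go sketch of signature-based authentication of an access request, written for this page and not drawn from the testimony or from any agency system. The system keeps only the requester’s public key; the private key stays with the requester, who proves possession by signing a fresh, system-chosen challenge bound to the specific request. The account identifier, the message layout, the challenge size and the sample request are assumptions.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// What the system stores per account: an identifier and a public key.
// Nothing in this record lets a snooper or a breached database impersonate
// the holder, because the private key never leaves the holder.
type Enrollment struct {
	AccountID string
	PublicKey ed25519.PublicKey
}

// NewChallenge returns a fresh random value chosen by the system for each
// access request, so a captured signature cannot be replayed later.
func NewChallenge() ([]byte, error) {
	nonce := make([]byte, 32)
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return nonce, nil
}

// authMessage binds the challenge to the account and to the exact request,
// so a signature for one request cannot be reused for another.
func authMessage(accountID string, challenge []byte, request string) []byte {
	var b bytes.Buffer
	b.WriteString("access-request-v1\x00") // assumed domain-separation label
	b.WriteString(accountID)
	b.WriteByte(0)
	b.Write(challenge)
	b.WriteString(request)
	return b.Bytes()
}

// SignRequest runs on the holder's side, with the private key.
func SignRequest(priv ed25519.PrivateKey, accountID string, challenge []byte, request string) []byte {
	return ed25519.Sign(priv, authMessage(accountID, challenge, request))
}

// VerifyRequest runs on the system's side, with only the public key.
func VerifyRequest(e Enrollment, challenge []byte, request string, sig []byte) bool {
	return ed25519.Verify(e.PublicKey, authMessage(e.AccountID, challenge, request), sig)
}

func main() {
	// Enrollment: the holder generates the pair and registers the public half.
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	enrolled := Enrollment{AccountID: "taxpayer-0001", PublicKey: pub} // constructed ID

	challenge, err := NewChallenge()
	if err != nil {
		panic(err)
	}
	request := "GET /returns/1998" // constructed sample request
	sig := SignRequest(priv, enrolled.AccountID, challenge, request)
	fmt.Println("genuine request:", VerifyRequest(enrolled, challenge, request, sig)) // true

	// Replay: the same signature presented against a later challenge fails.
	later, _ := NewChallenge()
	fmt.Println("replayed signature:", VerifyRequest(enrolled, later, request, sig)) // false

	// Someone holding only the stored record (the public key) cannot sign;
	// a guessed signature is rejected.
	forged := make([]byte, ed25519.SignatureSize)
	rand.Read(forged)
	fmt.Println("forgery from stored data:", VerifyRequest(enrolled, challenge, request, forged)) // false
}
```

This is what “non-biometric data to authenticate access requests” looks like in practice: the holder keeps a replaceable secret (the private key, on a device or token), the system keeps data that cannot be turned against the holder, and a compromised key is handled by re-enrollment rather than by trying to change a name.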

Digital Signatures: A Federal Role?

This raises the question of whether legislation is called for to
establish federal procedures for accepting and using digital
signatures. I strongly recommend against legislation that would
create or set a federal standard for the validity of digital
signatures.

Digital signatures are a young technology. Considerable
experimentation with different signature models will be necessary
before the technology matures. It is vital that the private sector
lead the way in these experiments. A premature federal standard
could

become a tool of unrelated policy goals;

doom federal systems to become obsolete;

cut off competition among competing signature models.

The courts can be trusted to decide when and under what
circumstances digital signatures should be accepted, looking to the
business community for guidance. This worked well with signatures
transmitted by telegraph,[1] telephone,[2] telex,[3] and fax,[4]
with photocopies of signatures,[5] and with audio recordings.[6] In
1869, one court explained that a telegraphed contract was valid,
saying “It makes no difference whether that operator writes the
offer or the acceptance … with a steel pen an inch long attached to
an ordinary penholder, or whether his pen be a copper wire a
thousand miles long. In either case the thought is communicated to
the paper by the use of the finger resting upon the pen; nor does
it make any difference that in one case common record ink is used,
while in the other case a more subtle fluid, known as electricity,
performs the same office.”[7] As long as the technology is
reliable, there is no reason a court would not say the same of
digital signatures.

Checking Dangers to Human Rights

Now I return to privacy as a fence against violations of human
rights. Below I describe strategies that protect privacy and limit
this danger, in order of their effectiveness. What quickly emerges
from this overview is that the best strategies for protecting
privacy have entirely fallen out of the debate, an extremely
unfortunate development.

Why Create More Databases? The Limited Government Model.

The United States Constitution created a government of narrowly
defined and enumerated powers, a model that we have since
abandoned. This model, however, is absolutely the best defense
against dangers to privacy and human rights.

The more ambitious regulatory programs and agendas that are
adopted by the federal government, the more likely the agencies
that administer them are to begin to demand vast amounts of
information from United States citizens about their personal lives.
The higher that taxes go, the harder tax law will be to enforce,
and the greater will become the IRS’s demands for access to
personal and business records.

This is exacerbated by a common phenomenon: government agendas
often grow, rather than shrink, in the face of
failure. Money laundering convictions are difficult and expensive
to obtain, ultimately catching only a few small fry and making the
streets no safer; the crackdown on money laundering would fail any
cost-benefit analysis. So what is the regulatory response? Enlarge
the program. Regulate more. From this premise, the FDIC’s
disastrous “Know Your Customer” proposal followed inexorably and
logically. Another example is Medicare, plagued by fraud and rising
costs. Real market-based reforms have never been considered;
instead, our medical records are opened to auditors and snoops.

Return to the limited government model would be the best defense
against dangers to privacy and attendant dangers to human rights.
Many federal information-gathering systems would simply never be
called into existence.

Taking The Fourth Amendment Seriously.

The Fourth Amendment does not limit what information the
government may collect, but, rather, it limits the means by which
that information may be collected. It makes information collectors
accountable to the judiciary. It is a critically important rein on
government power.

Federal demands for information from the private sector should
comply with the Fourth Amendment. No one in any context should be
required to turn information over to the federal government without
a showing of probable cause. Because the courts have been reluctant
to enforce this limit, FDIC regulators have been able to pressure
banks into spying on their customers under “voluntary” Know Your
Customer programs.

The Danger in Delegation of Broad Discretion to Federal Agencies.

The recent outcry over the FDIC’s Know Your Customer proposal
shows that agency snooping programs will rarely sit well with the
public. The legislature’s accountability to the public is thus a
key check on dangers to privacy.

When Congress delegates broad authority to administrative
agencies, it increases dangers to privacy. The FDIC is reportedly
likely to withdraw its Know Your Customer proposal in response to
public comments. But we should not be fooled for a single minute
into thinking that the threat is gone.

The FDIC’s broad regulatory powers enabled it to pressure many
banks into adopting Know Your Customer policies “voluntarily.” Even
if the current proposal is abandoned, this merely means that Know
Your Customer will not be official regulation. The policy will
still be an integral part of the agency’s guidelines and
practice—which rarely, if ever, will come to the attention of the
public.

Two key steps would rein in the power of administrative agencies
to present such threats to privacy.

Agency rules should not become binding unless Congress has
affirmed them by vote.

Agencies should not be permitted to issue vague guidelines that are
binding in practice but promulgated outside the safeguards of the
Administrative Procedure Act.

The European Model.

Another type of privacy protection is the model of the European
Data Protection Directive, which establishes limits on information
collection, on the type of information collected, and on the
duration for which it may be kept. As protections for human rights
go, this is a feeble model, for the following reasons:

Governments exempt themselves from limits that go to the heart
of their powers, such as the power to tax or investigate crime.

Governments must exempt many private databases (such as those
kept by trade unions or churches) just to allow normal life to
continue, so these databases remain and can be targeted by
police.

Most European governments have vast powers to regulate
citizens’ day-to-day lives, and limits on their use of information
are a tiny band-aid on a bleeding wound.

To illustrate the fallacies of this model, consider the situation
in France. French authorities rigorously regulate (among other
things) the hours per week that one may work. Police are sent into
private businesses, appearing at the doors of one’s office to
demand that one stop working immediately or be ticketed. Police
stand outside the doors of office buildings and stop and search
businessmen leaving their offices; the police confiscate laptops
and cell phones to ensure that the businessmen cannot work from
home. The dangers to human rights are obvious and enormous. The
violations of privacy are severe and outrageous. But the data
protection directive does nothing to stop this. It makes no sense
to give governments vast powers to control citizens’ day-to-day
lives and then trust meaningless paper tigers to guard human
rights.